I'm having a slight problem accessing some https sites. I can access the sites fine from a Windows 98 machine on the same network. From linux though, no matter which browser I use, I'm stuck in connecting. The following is the URL for my banking site which is one example. Anyone have any suggestions what could be wrong?

I checked. I currently have dev-libs/openssl 0.9.6d installed and the make.defaults already includes use ssl. I know they were used for the compile of the browser because I only upgraded to Mozilla 1.0-r2 a couple of days ago.

In addition, I can access other SSL sites. My company use Outlook web access which works just fine for me and I know that requires 128bit SSL.

I also tried tweaking the SSL settings under preferences in both Mozilla and Konqueror. I turned off support for various ciphers and versions of SSL without any effect.

I'm having a slight problem accessing some https sites. I can access the sites fine from a Windows 98 machine on the same network. From linux though, no matter which browser I use, I'm stuck in connecting. The following is the URL for my banking site which is one example. Anyone have any suggestions what could be wrong?

Some banks just deny access with "untested"/"unsupported" browsers... Maybe if you try with Netscape instead of Mozilla, or make Mozilla pretend to be Netscape/MSIE, you can get it..._________________| www.gentoo.org | www.tldp.org | www.google.com |

Which according to a write up on Mozilla.org should change the user-agent string the browser returns. The actual string I got from web testing site that showed the user-agent strings different browsers return. The part at the beginning was "Mozilla/4.0" but Mozilla wouldn't start unless I changed it.

Anyway I tested and still get the same results. It's like the site isn't even there. I'm stuck connecting until the connect times out.

That's the only one I remember the address for right now but there have been some e-commerce sites in the past that haven't worked. For those I've always just choosen to shop elsewhere. For my credit union though going elsewhere would be a more involved decision.

This might not help but when I do a tcpdump trace of the communications between my machine and the internet I can see a syn packet go out but I never see a reply packet back. If I use telnet to open a connection to the site it just sits connecting. If I telnet to another secure site it does actually connect. No data back but that's most likely becasue telnet can't negotiate a secure connection.

It would seem that for some reason the response packet is never coming back. I wonder if there are any kernel configurations that could interfere with certain kinds of connections.

I finally corrected this and thought I'd post the solution in case any one else encounter this problem. It turns out thatat some point when configuring my kernel build I turn on Explicit congestion notification. This sets a newly defined bit in the header of syn packets. Some firewalls mistakenly throw out packets using this new option. You can correct the problem by either recompiling your kernel without ecn or by doing the following at a command prompt or in a init script every time you boot.

echo 0 > /proc/sys/net/ipv4/tcp_ecn

Just goes to show you really need to watch what options you select in the kernel.

I'm having a slight problem accessing some https sites. I can access the sites fine from a Windows 98 machine on the same network. From linux though, no matter which browser I use, I'm stuck in connecting. The following is the URL for my banking site which is one example. Anyone have any suggestions what could be wrong?

Some banks just deny access with "untested"/"unsupported" browsers... Maybe if you try with Netscape instead of Mozilla, or make Mozilla pretend to be Netscape/MSIE, you can get it...

How do you tell Mozilla to fake its browser ID? I can't find where to do it...

I do know that Opera has an option to fake browser ID, and comes with presets for Netscape and Internet Explorer... but I don't like to use Opera._________________Even a stopped clock gives the right time twice a day.

Near the end it discusses the prefs.js file and the options it controls. The specific option your looking for is general.useragent.override. I'm really not sure why this isn't more accessable. Or maybe it is I just don't know about it.